New ISO27k domotics security standard

ISO/IEC 27403 "Cybersecurity – IoT security and privacy – Guidelines for IoT-domotics" was published at the very end of last month.

“Domotics” is a neologism for smart homes.

This new standard covers the cybersecurity and privacy aspects of thing-to-thing interactions (e.g. home hubs and entertainment subsystems) as well as human-to-thing plus thing-to-sensors/actuators that physically interact with the home (e.g. smart door locks and thermostats) and networking both within the home (e.g. WiFi, Bluetooth) and beyond (e.g. fibre or wireless broadband).

The standard is aimed squarely at guiding the designers, manufacturers and security or privacy assessors of IoT domotics, as opposed to retail customers and users. It provides examples of information risks that should (in theory at least) have been identified, evaluated and addressed by IoT suppliers baking-in suitable security controls to protect their valued customers' interests. In reality, how much security and privacy do you really expect from cheap and shoddy things in such a highly competitive and short-term-focused market?

Consumers who are as smart as their IoT things may be intrigued and concerned by the security and privacy implications of the streams of information now flowing freely around their homes and vehicles.

Furthermore, things are also increasingly invading our workplaces, not least because we wage-slaves are wearing or carrying them in through the front door every morning. Who doesn't have a smartphone or watch these days? Some of us may even be 'concealing' them internally: smart implants are both a thing and things.


Before those information streams become rivers and we find ourselves plunging headlong into the seething white water rapids in a flimsy inflatable, take a moment to ponder the information risk, security and privacy challenges ahead ... and hopefully plot a relatively safe route around the semi-submerged boulders and whirlpools.

The standard is sold through the national standard bodies, or direct from ISO and IEC.
